What is CVE-2018-3953?

CVE-2018-3953 is a high-severity vulnerability in Linksys Eseries E1200. CVSS score: 7.2/10. Published 2018-10-17.

How severe is CVE-2018-3953?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2018-3953 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linksys Eseries E1200

CVE-2018-3953

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrie…

EPSS: 0.634 (98.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linksys Eseries E1200 — versions Firmware Version 2.0.09
Linksys Eseries E2500 — versions Firmware Version 3.0.04

Public proof-of-concept exploits

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0625 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-3953?: CVE-2018-3953 is a high-severity vulnerability in Linksys Eseries E1200. CVSS score: 7.2/10. Published 2018-10-17.
How severe is CVE-2018-3953?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2018-3953 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.